pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2007Q2]: pkgsrc Pullup ticket 2184 - requested by tron
details: https://anonhg.NetBSD.org/pkgsrc/rev/3a145f840755
branches: pkgsrc-2007Q2
changeset: 530506:3a145f840755
user: ghen <ghen%pkgsrc.org@localhost>
date: Sat Sep 08 09:54:45 2007 +0000
description:
Pullup ticket 2184 - requested by tron
security update for apache2
- pkgsrc/devel/apr0/Makefile 1.3
- pkgsrc/devel/apr0/distinfo 1.2
- pkgsrc/www/apache2/Makefile 1.118
- pkgsrc/www/apache2/Makefile.common 1.22
- pkgsrc/www/apache2/PLIST 1.35
- pkgsrc/www/apache2/distinfo 1.51
- pkgsrc/www/apache2/patches/patch-ap removed
- pkgsrc/www/apache2/patches/patch-aq removed
Module Name: pkgsrc
Committed By: tron
Date: Fri Sep 7 23:11:41 UTC 2007
Modified Files:
pkgsrc/devel/apr0: Makefile distinfo
pkgsrc/www/apache2: Makefile Makefile.common PLIST distinfo
Log Message:
Update "apr" package to version 0.9.16.2.0.61 and "apache2" package
to version 2.0.61.
This update is a bug and security fix release. The following security
problem hasn't been fixed in "pkgsrc" before:
- CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when
parsing date-related headers.
---
Module Name: pkgsrc
Committed By: tron
Date: Fri Sep 7 23:28:23 UTC 2007
Removed Files:
pkgsrc/www/apache2/patches: patch-ap patch-aq
Log Message:
Remove obsolete patch files.
diffstat:
devel/apr0/Makefile | 3 +-
devel/apr0/distinfo | 8 ++--
www/apache2/Makefile | 3 +-
www/apache2/Makefile.common | 8 ++--
www/apache2/PLIST | 5 +-
www/apache2/distinfo | 10 ++---
www/apache2/patches/patch-ap | 44 ----------------------
www/apache2/patches/patch-aq | 87 --------------------------------------------
8 files changed, 17 insertions(+), 151 deletions(-)
diffs (258 lines):
diff -r a02b394b236e -r 3a145f840755 devel/apr0/Makefile
--- a/devel/apr0/Makefile Tue Sep 04 12:48:26 2007 +0000
+++ b/devel/apr0/Makefile Sat Sep 08 09:54:45 2007 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.2 2007/02/11 16:05:51 tv Exp $
+# $NetBSD: Makefile,v 1.2.4.1 2007/09/08 09:54:45 ghen Exp $
.include "../../www/apache2/Makefile.common"
PKGNAME= apr-${APR_VERSION}.${APACHE_VERSION}
-PKGREVISION= 3
CATEGORIES= devel
HOMEPAGE= http://apr.apache.org/
diff -r a02b394b236e -r 3a145f840755 devel/apr0/distinfo
--- a/devel/apr0/distinfo Tue Sep 04 12:48:26 2007 +0000
+++ b/devel/apr0/distinfo Sat Sep 08 09:54:45 2007 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.1.1.1 2007/01/24 19:31:24 epg Exp $
+$NetBSD: distinfo,v 1.1.1.1.4.1 2007/09/08 09:54:45 ghen Exp $
-SHA1 (httpd-2.0.59.tar.bz2) = 908209cd6e52f700d2a841a25de36e44d469c376
-RMD160 (httpd-2.0.59.tar.bz2) = 78b802354e338798a6978ece8b3568be97542174
-Size (httpd-2.0.59.tar.bz2) = 4743549 bytes
+SHA1 (httpd-2.0.61.tar.bz2) = 665017829022d287ffe3cec749e2b5b61252d7b4
+RMD160 (httpd-2.0.61.tar.bz2) = a2c2c90976a967112a9129b9716d880d71261882
+Size (httpd-2.0.61.tar.bz2) = 4580339 bytes
SHA1 (patch-aa) = c84bdb6bcb14bf6bc7ea0d8f13334dd8c3ef2ef9
SHA1 (patch-an) = 76d9ac0cdddec7c0f41535baee63bf0aa26ed596
SHA1 (patch-ao) = e35630af53a78fce9aa5347a81cb1bcf8fb3058e
diff -r a02b394b236e -r 3a145f840755 www/apache2/Makefile
--- a/www/apache2/Makefile Tue Sep 04 12:48:26 2007 +0000
+++ b/www/apache2/Makefile Sat Sep 08 09:54:45 2007 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.114 2007/06/28 01:49:04 lkundrak Exp $
+# $NetBSD: Makefile,v 1.114.2.1 2007/09/08 09:54:45 ghen Exp $
.include "Makefile.common"
PKGNAME= apache-${APACHE_VERSION}
-PKGREVISION= 6
CATEGORIES= www
HOMEPAGE= http://httpd.apache.org/
diff -r a02b394b236e -r 3a145f840755 www/apache2/Makefile.common
--- a/www/apache2/Makefile.common Tue Sep 04 12:48:26 2007 +0000
+++ b/www/apache2/Makefile.common Sat Sep 08 09:54:45 2007 +0000
@@ -1,12 +1,12 @@
-# $NetBSD: Makefile.common,v 1.21 2006/07/28 10:38:36 tron Exp $
+# $NetBSD: Makefile.common,v 1.21.8.1 2007/09/08 09:54:45 ghen Exp $
DISTNAME= httpd-${APACHE_VERSION}
EXTRACT_SUFX= .tar.bz2
# When updating this version be sure to update the checksum and remove
# any PKGREVISION for devel/apr also.
-APACHE_VERSION= 2.0.59
-APR_VERSION= 0.9.12
+APACHE_VERSION= 2.0.61
+APR_VERSION= 0.9.16
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
${MASTER_SITE_APACHE:=httpd/old/} \
http://www.NetBSD.org/images/logos/
-MAINTAINER= tron%NetBSD.org@localhost
+MAINTAINER= pkgsrc-users%NetBSD.org@localhost
diff -r a02b394b236e -r 3a145f840755 www/apache2/PLIST
--- a/www/apache2/PLIST Tue Sep 04 12:48:26 2007 +0000
+++ b/www/apache2/PLIST Sat Sep 08 09:54:45 2007 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.34 2006/07/28 13:35:37 tron Exp $
+@comment $NetBSD: PLIST,v 1.34.8.1 2007/09/08 09:54:46 ghen Exp $
include/httpd/ap_compat.h
include/httpd/ap_config.h
include/httpd/ap_config_auto.h
@@ -154,6 +154,7 @@
share/httpd/htdocs/index.html.zh-cn.gb2312
share/httpd/htdocs/index.html.zh-tw.big5
share/httpd/icons/README
+share/httpd/icons/README.html
share/httpd/icons/a.gif
share/httpd/icons/a.png
share/httpd/icons/alert.black.gif
@@ -281,7 +282,6 @@
share/httpd/icons/screw2.png
share/httpd/icons/script.gif
share/httpd/icons/script.png
-share/httpd/icons/small/README.txt
share/httpd/icons/small/back.gif
share/httpd/icons/small/back.png
share/httpd/icons/small/binary.gif
@@ -721,6 +721,7 @@
share/httpd/manual/mod/mod_logio.html.ko.euc-kr
share/httpd/manual/mod/mod_mem_cache.html
share/httpd/manual/mod/mod_mem_cache.html.en
+share/httpd/manual/mod/mod_mem_cache.html.ja.euc-jp
share/httpd/manual/mod/mod_mem_cache.html.ko.euc-kr
share/httpd/manual/mod/mod_mime.html
share/httpd/manual/mod/mod_mime.html.en
diff -r a02b394b236e -r 3a145f840755 www/apache2/distinfo
--- a/www/apache2/distinfo Tue Sep 04 12:48:26 2007 +0000
+++ b/www/apache2/distinfo Sat Sep 08 09:54:45 2007 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.50 2007/06/28 01:49:04 lkundrak Exp $
+$NetBSD: distinfo,v 1.50.2.1 2007/09/08 09:54:46 ghen Exp $
-SHA1 (httpd-2.0.59.tar.bz2) = 908209cd6e52f700d2a841a25de36e44d469c376
-RMD160 (httpd-2.0.59.tar.bz2) = 78b802354e338798a6978ece8b3568be97542174
-Size (httpd-2.0.59.tar.bz2) = 4743549 bytes
+SHA1 (httpd-2.0.61.tar.bz2) = 665017829022d287ffe3cec749e2b5b61252d7b4
+RMD160 (httpd-2.0.61.tar.bz2) = a2c2c90976a967112a9129b9716d880d71261882
+Size (httpd-2.0.61.tar.bz2) = 4580339 bytes
SHA1 (patch-aa) = bff1ef591f5361e7169ff9005dcf86437b9dac23
SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba
SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
@@ -13,5 +13,3 @@
SHA1 (patch-al) = 9af7b6c56177d971e135f0a00b3ab9ded5d1b6dd
SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
SHA1 (patch-ao) = c629a7563d0e555922526e26b266251144a14ff6
-SHA1 (patch-ap) = 3f9dbd6dbbadb54f5255dfdb15decc6cc7e8eccc
-SHA1 (patch-aq) = d1e0243b28c9e224746fa5cac1321f55c5c0927e
diff -r a02b394b236e -r 3a145f840755 www/apache2/patches/patch-ap
--- a/www/apache2/patches/patch-ap Tue Sep 04 12:48:26 2007 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
-$NetBSD: patch-ap,v 1.3 2007/06/28 01:49:04 lkundrak Exp $
-
-Fix for CVE-2006-5752 XSS in mod_status with ExtendedStatus on.
-
---- modules/generators/mod_status.c.orig 2006-07-12 09:40:55.000000000 +0200
-+++ modules/generators/mod_status.c
-@@ -269,7 +269,7 @@ static int status_handler(request_rec *r
- if (r->method_number != M_GET)
- return DECLINED;
-
-- ap_set_content_type(r, "text/html");
-+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
-
- /*
- * Simple table-driven form data set parser that lets you alter the header
-@@ -298,7 +298,7 @@ static int status_handler(request_rec *r
- no_table_report = 1;
- break;
- case STAT_OPT_AUTO:
-- ap_set_content_type(r, "text/plain");
-+ ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
- short_report = 1;
- break;
- }
-@@ -664,7 +664,8 @@ static int status_handler(request_rec *r
- ap_escape_html(r->pool,
- ws_record->client),
- ap_escape_html(r->pool,
-- ws_record->request),
-+ ap_escape_logitem(r->pool,
-+ ws_record->request)),
- ap_escape_html(r->pool,
- ws_record->vhost));
- }
-@@ -753,7 +754,8 @@ static int status_handler(request_rec *r
- ap_escape_html(r->pool,
- ws_record->vhost),
- ap_escape_html(r->pool,
-- ws_record->request));
-+ ap_escape_logitem(r->pool,
-+ ws_record->request)));
- } /* no_table_report */
- } /* for (j...) */
- } /* for (i...) */
diff -r a02b394b236e -r 3a145f840755 www/apache2/patches/patch-aq
--- a/www/apache2/patches/patch-aq Tue Sep 04 12:48:26 2007 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,87 +0,0 @@
-$NetBSD: patch-aq,v 1.3 2007/06/28 01:49:04 lkundrak Exp $
-
-Fix for CVE-2007-1863 remote crash when mod_cache enabled.
-
---- modules/experimental/cache_util.c.orig 2006-07-12 09:40:55.000000000 +0200
-+++ modules/experimental/cache_util.c
-@@ -186,10 +186,12 @@ CACHE_DECLARE(int) ap_cache_check_freshn
- age = ap_cache_current_age(info, age_c, r->request_time);
-
- /* extract s-maxage */
-- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
-+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
-+ && val != NULL) {
- smaxage = apr_atoi64(val);
- }
-- else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)) {
-+ else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)
-+ && val != NULL) {
- smaxage = apr_atoi64(val);
- }
- else {
-@@ -197,7 +199,8 @@ CACHE_DECLARE(int) ap_cache_check_freshn
- }
-
- /* extract max-age from request */
-- if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
-+ if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
-+ && val != NULL) {
- maxage_req = apr_atoi64(val);
- }
- else {
-@@ -205,10 +208,12 @@ CACHE_DECLARE(int) ap_cache_check_freshn
- }
-
- /* extract max-age from response */
-- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
-+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
-+ && val != NULL) {
- maxage_cresp = apr_atoi64(val);
- }
-- else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)) {
-+ else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)
-+ && val != NULL) {
- maxage_cresp = apr_atoi64(val);
- }
- else
-@@ -231,14 +236,28 @@ CACHE_DECLARE(int) ap_cache_check_freshn
-
- /* extract max-stale */
- if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
-- maxstale = apr_atoi64(val);
-+ if(val != NULL) {
-+ maxstale = apr_atoi64(val);
-+ }
-+ else {
-+ /*
-+ * If no value is assigned to max-stale, then the client is willing
-+ * to accept a stale response of any age (RFC2616 14.9.3). We will
-+ * set it to one year in this case as this situation is somewhat
-+ * similar to a "never expires" Expires header (RFC2616 14.21)
-+ * which is set to a date one year from the time the response is
-+ * sent in this case.
-+ */
-+ maxstale = APR_INT64_C(86400*365);
-+ }
- }
- else {
- maxstale = 0;
- }
-
- /* extract min-fresh */
-- if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
-+ if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
-+ && val != NULL) {
- minfresh = apr_atoi64(val);
- }
- else {
-@@ -384,6 +403,9 @@ CACHE_DECLARE(int) ap_cache_liststr(apr_
- next - val_start);
- }
- }
-+ else {
-+ *val = NULL;
-+ }
- }
- return 1;
- }